Applies To:

BIG-IP GTM

Overview: Screening and forwarding non-wide IP traffic to a pool of DNS servers

BIG-IP Global Traffic Manager (GTM) can function as a traffic screener in front of a pool of DNS
servers. In this situation, BIG-IP GTM checks incoming DNS queries and, if the query is for a wide
IP, resolves the query. Otherwise, BIG-IP GTM forwards the DNS query to one of the servers in a
pool of DNS servers, and that server handles the query.

Traffic flow when BIG-IP GTM screens traffic to a pool of DNS servers

About listeners

A listener is a specialized virtual server that uses port 53 and to which you
assign a specific IP address. When traffic is sent to that IP address, the listener alerts BIG-IP
GTM and the system either handles the traffic locally or forwards the traffic to the appropriate
resource.

You control how BIG-IP GTM responds to network traffic on a per-listener basis. The number of
listeners you create depends on your network configuration and the destinations to which you want
to send specific DNS requests. For example, a single BIG-IP GTM can be the primary authoritative
server for one domain, while forwarding other DNS requests to a different DNS server. Regardless
of how many listeners you configure, BIG-IP GTM always manages and responds to requests for the
wide IPs that you have configured on the system.

Task summary

Perform these tasks to screen non-wide IP traffic and forward the traffic to a pool of DNS
servers.

Creating a pool of local DNS servers

Ensure that you have created a custom DNS monitor to assign to the pool of DNS
servers. Gather the IP addresses of the DNS servers that you want to include in a pool
to which the BIG-IP system load balances DNS traffic.

Log in to the command-line interface of the BIG-IP system.

Type tmsh to access the Traffic Management Shell.

Run a variation on this command sequence to create a pool using the IP
addresses of the DNS servers on your network:

    create /ltm pool DNS_pool members add { 10.10.1.1:domain 10.10.1.2:domain 10.10.1.3:domain } monitor my_custom_dns_monitor

Note: :domain indicates the DNS port.

When you run this example command, the system creates a pool named
DNS_pool that includes three DNS servers with the following IP addresses:
10.10.1.1, 10.10.1.2, and 10.10.1.3. The custom DNS monitor you created to
monitor DNS servers is assigned to the pool. The monitor sends DNS requests to
the pool of DNS servers and validates the DNS responses.

Run this command sequence to save the pool: save /sys config

Run this command sequence to display the pool: list /ltm pool

Verify that the pool is configured correctly.

Creating a listener that alerts GTM to DNS queries for a pool of DNS servers

Configure a listener that alerts BIG-IP GTM to DNS queries destined for DNS servers that are
members of a pool.

Log on to the command-line interface of BIG-IP GTM.

Type tmsh to access the Traffic Management Shell.

Run this command sequence to create a listener:

    create /gtm listener <name of listener> address <IP address on which you want the listener to alert GTM to DNS traffic> ip-protocol udp pool <name of pool> translate-address enabled

The system creates a listener with the specified name and IP address that alerts BIG-IP GTM to
queries destined for the members of the specified pool.

Run this command sequence to save the listener: save /sys config

Run this command sequence to display the listener: list /gtm listener
The system displays the new listener configuration.
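As an added verification step that is not part of this F5 document, the following Python parses the brace-structured text that tmsh prints for list /ltm pool and list /gtm listener and compares it with what the two procedures above expect: every DNS server present as a :domain member, the custom monitor attached, and a listener with ip-protocol udp and translate-address enabled that points at that pool. The sample output is constructed (with 10.10.1.3 deliberately left out so the check has something to report), and the listener name dns_screen and address 10.10.0.53 are assumed values.

```python
# Constructed sample of "list /ltm pool" + "list /gtm listener" output (not a real capture); 10.10.1.3 is deliberately absent.
SAMPLE = """\
ltm pool DNS_pool {
    members {
        10.10.1.1:domain {
            address 10.10.1.1
        }
        10.10.1.2:domain {
            address 10.10.1.2
        }
    }
    monitor my_custom_dns_monitor
}
gtm listener dns_screen {
    address 10.10.0.53
    ip-protocol udp
    pool DNS_pool
    translate-address enabled
}
"""

def parse_tmsh(text):
    # tmsh brace output: 'name {' opens a nested block, '}' closes it, 'key value' is a leaf
    root = cur = {}
    stack = []
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("{"):
            stack.append(cur)
            cur = cur.setdefault(line[:-1].rstrip(), {})
        elif line == "}":
            cur = stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            cur[key] = value
    return root

def check_screening(text, dns_ips, monitor):
    """Return the ways the parsed tmsh output departs from the procedure (empty list = OK)."""
    cfg = parse_tmsh(text)
    pools = {k.split()[-1]: v for k, v in cfg.items() if k.startswith("ltm pool ")}
    problems = []
    for key, lst in ((k, v) for k, v in cfg.items() if k.startswith("gtm listener ")):
        pool = pools.get(lst.get("pool"), {})  # an unknown pool surfaces as missing members/monitor
        if lst.get("ip-protocol") != "udp" or lst.get("translate-address") != "enabled":
            problems.append(f"{key}: expected ip-protocol udp and translate-address enabled")
        members = pool.get("members", {})
        problems += [f"{key}: {ip}:domain missing from pool" for ip in dns_ips if f"{ip}:domain" not in members]
        problems += [f"{key}: member {m} is not on the DNS port" for m in members if not m.endswith(":domain")]
        if pool.get("monitor") != monitor:
            problems.append(f"{key}: pool monitor {pool.get('monitor')!r}, expected {monitor!r}")
    return problems
```

Feed it the real output of list /ltm pool and list /gtm listener from your system in place of SAMPLE; an empty list means the pool and listener match the configuration the tasks above describe.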

Implementation result

You now have an implementation in which BIG-IP GTM receives DNS queries, handles wide IP requests,
and forwards all other DNS queries to members of the pool of DNS servers.